Privacy by Design in the Clouds:
You Can’t Outsource Accountability

                 David Goodis
            Director of Legal Services and
                  General Counsel
Information and Privacy Commissioner of Ontario


         Cloud Computing - 101 and Beyond
  Municipal Information Systems Association, Ontario
                    April 11, 2012
Cloud Computing and Deployment

• Cloud computing – convenient, on-demand
  network access to a shared pool of computing
  resources
• Examples:
  –   Public Cloud
  –   Private Cloud
  –   Community Cloud
  –   Hybrid Cloud
The Power and Promise of Cloud Computing
•   Flexibility
•   Better reliability and security
•   Enhanced collaboration
•   Efficiency in deployment
•   Portability
•   Potential cost savings
•   Simpler devices
The Cloud and Privacy Concerns
• Fraud, confidentiality and security concerns are
  inhibiting confidence, trust, and the growth of cloud
  computing
• Fears of surveillance and excessive collection, use
  and disclosure of personal information by others are
  also diminishing confidence and use
• Lack of individual user empowerment and control
   – Uncertainty as to location of data, rights to data
• Function creep, power asymmetries, discrimination
• Data breach notification
• Proper data return and destruction
• Governing law
You can outsource services …
… but you can’t outsource accountability

You always remain accountable
Privacy by Design Meets the Cloud: Current and Future Privacy Challenges

• What is Privacy by Design? Building privacy into
  technology from the ground up
• The goal is to establish trust in:
  • Data (that travels through the cloud)
  • Personal devices (that interact with cloud-based
    services)
  • Software
  • Service providers
Privacy by Design: The 7 Foundational Principles
1. Proactive not Reactive:
      Preventative, not Remedial;
2. Privacy as the Default setting;
3. Privacy Embedded into Design;
4. Full Functionality:
      Positive-Sum, not Zero-Sum;
5. End-to-End Security:
      Full Lifecycle Protection;
6. Visibility and Transparency:
      Keep it Open;
7. Respect for User Privacy:
      Keep it User-Centric.
                         www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
Privacy by Design Meets the Cloud
Some things to consider:
 • Exercise due diligence
 • Conduct a Privacy Impact Assessment
 • Use identifying information only when necessary
 • Identify and minimize privacy and security risks
 • Use privacy enhancing technological tools
 • Ensure transparency, notice, education, awareness
 • Develop a privacy breach management plan
 • Create and enforce contractual clauses
Contractual Provisions to Consider

• Service provider should not use personal information (PI) except as
  necessary in providing services
• Provider should not improperly disclose PI
• Provider must employ safeguards to ensure PI is retained, transferred
  and disposed of securely
• Provider must notify the organization immediately of any order or
  other requirement to compel production of PI
• Provider must notify the organization immediately if PI is stolen,
  lost, or accessed by unauthorized persons
• Implement oversight and monitoring program, including audits of the
  provider’s compliance with the terms of the agreement
• No one on behalf of provider should have access to PI unless that
  person agrees to comply with restrictions in the agreement.
USA Patriot Act and Cloud Computing
• BC, NS legislation restricts government’s ability to
  outsource beyond Canadian border
• There will always be laws that allow law enforcement to
  gain access to information in their jurisdictions – the
  important question is what steps can an organization take
  to help ensure privacy and security, regardless of
  jurisdiction
• Organizations considering outsourcing or cloud computing
  should ensure accountability through appropriate
  contractual provisions and a Privacy by Design approach
  that ensures privacy is built in as an integral part of the
  proposed technologies and business practices
Privacy by Design in Action
Privacy in the Clouds
• The 21st Century
  Privacy Challenge;
• Creating a User-Centric
  Identity Management
  Infrastructure;
• Using Technology
  Building Blocks;
• A Call to Action.


                  www.ipc.on.ca/images/Resources%5Cprivacyintheclouds.pdf
Cloud Computing Architecture and Privacy

• Cloud Delivery Models
• Use cloud in privacy
  protective manner – user
  control
• e.g. encryption,
  segregation




                       www.ipc.on.ca/images/Resources/pbd-NEC-cloud.pdf
Conclusions
• Cloud computing has many benefits and risks
• You can outsource your services but not your
  accountability
• Conduct proper due diligence on your cloud
  provider
• Ensure you have the appropriate contractual
  provisions in place
• Build PbD into the cloud infrastructure
• Embed privacy as a core functionality:
  the future of privacy may depend on it!
How to Contact Us

David Goodis
Director of Legal Services and
General Counsel
Information & Privacy Commissioner of Ontario
2 Bloor Street East, Suite 1400
Toronto, Ontario, Canada
M4W 1A8
Phone: (416) 326-3948 / 1-800-387-0073
Web: www.ipc.on.ca
E-mail: info@ipc.on.ca
MISA Cloud Workshop_ ipc privacy in the cloud

More Related Content

What's hot

Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2Kyle Lai
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
bradley_g
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
Sagara Gunathunga
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
Ishay Tentser
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
Praveenkumar Hosangadi
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
PECB
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
Aggregage
 
Oper8 document management solution v2.0
Oper8 document management solution v2.0Oper8 document management solution v2.0
Oper8 document management solution v2.0
Tony Riley
 
MISA Cloud workshop_ Security and risk mgmt
MISA Cloud workshop_ Security and risk mgmtMISA Cloud workshop_ Security and risk mgmt
MISA Cloud workshop_ Security and risk mgmtMISA Ontario Cloud SIG
 
DocomUSA Cyber Security
DocomUSA Cyber SecurityDocomUSA Cyber Security
DocomUSA Cyber Securitydocomusa
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
 Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
bradley_g
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
MHCCloud
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
Next Dimension Inc.
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
John Martin
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
James Mulhern
 
Cloud computing - When is Deletion Deletion?
Cloud computing - When is Deletion Deletion?Cloud computing - When is Deletion Deletion?
Cloud computing - When is Deletion Deletion?
Lancaster University Library
 
Cloud security lessons learned and audit
Cloud security lessons learned and auditCloud security lessons learned and audit
Cloud security lessons learned and audit
Marc Vael
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoE
Marc Vael
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect stormUlf Mattsson
 

What's hot (20)

Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
 
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
ISACA - China Cybersecurity Law Presentation - Kyle Lai - v3.2
 
Enlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter GridEnlightened Privacy – by Design for a Smarter Grid
Enlightened Privacy – by Design for a Smarter Grid
 
Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019 Privacy by Design as a system design strategy - EIC 2019
Privacy by Design as a system design strategy - EIC 2019
 
Privacy by design for peerlyst meetup
Privacy by design for peerlyst meetupPrivacy by design for peerlyst meetup
Privacy by design for peerlyst meetup
 
Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!Big data contains valuable information - Protect It!
Big data contains valuable information - Protect It!
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
How to Effectively Equip Your IG Program for the Perilous Journey Into the Fu...
 
Oper8 document management solution v2.0
Oper8 document management solution v2.0Oper8 document management solution v2.0
Oper8 document management solution v2.0
 
MISA Cloud workshop_ Security and risk mgmt
MISA Cloud workshop_ Security and risk mgmtMISA Cloud workshop_ Security and risk mgmt
MISA Cloud workshop_ Security and risk mgmt
 
DocomUSA Cyber Security
DocomUSA Cyber SecurityDocomUSA Cyber Security
DocomUSA Cyber Security
 
Mobile Solutions and Privacy – Not One at the Expense of the Other
 Mobile Solutions and Privacy – Not One at the Expense of the Other Mobile Solutions and Privacy – Not One at the Expense of the Other
Mobile Solutions and Privacy – Not One at the Expense of the Other
 
Cloud Computing and the Public Sector
Cloud Computing and the Public SectorCloud Computing and the Public Sector
Cloud Computing and the Public Sector
 
Siskinds | Incident Response Plan
Siskinds | Incident Response PlanSiskinds | Incident Response Plan
Siskinds | Incident Response Plan
 
Securing your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended PracticesSecuring your Data, Reporting Recommended Practices
Securing your Data, Reporting Recommended Practices
 
What is Information Security and why you should care ...
What is Information Security and why you should care ...What is Information Security and why you should care ...
What is Information Security and why you should care ...
 
Cloud computing - When is Deletion Deletion?
Cloud computing - When is Deletion Deletion?Cloud computing - When is Deletion Deletion?
Cloud computing - When is Deletion Deletion?
 
Cloud security lessons learned and audit
Cloud security lessons learned and auditCloud security lessons learned and audit
Cloud security lessons learned and audit
 
Advantages of privacy by design in IoE
Advantages of privacy by design in IoEAdvantages of privacy by design in IoE
Advantages of privacy by design in IoE
 
Big data security the perfect storm
Big data security   the perfect stormBig data security   the perfect storm
Big data security the perfect storm
 

Similar to MISA Cloud Workshop_ ipc privacy in the cloud

Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
Mark Williams
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
centralohioissa
 
Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?
Clio - Cloud-Based Legal Technology
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
GhofraneFerchichi2
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
AchSulav
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
AchSulav
 
Cloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from realityCloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from reality
Russell_Kennedy
 
Cloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best PracticesCloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best Practices
lisaabe
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing Risks
Marc Vael
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
Nithin Raj
 
Shedding Light on Shadow IT for File Sharing
Shedding Light on Shadow IT for File SharingShedding Light on Shadow IT for File Sharing
Shedding Light on Shadow IT for File SharingCipherCloud
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
LokNathRegmi1
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
Moshe Ferber
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Livingstone Advisory
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
GovCloud Network
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
Ciente
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4Valencell, Inc.
 
Privacy in cloud computing
Privacy in cloud computingPrivacy in cloud computing
Privacy in cloud computingAhmed Nour
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
Kurt Hagerman
 

Similar to MISA Cloud Workshop_ ipc privacy in the cloud (20)

Cloud Security: A matter of trust?
Cloud Security: A matter of trust?Cloud Security: A matter of trust?
Cloud Security: A matter of trust?
 
Risks and Benefits of Cloud Computing
Risks and Benefits of Cloud ComputingRisks and Benefits of Cloud Computing
Risks and Benefits of Cloud Computing
 
Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!Bil Harmer - Myths of Cloud Security Debunked!
Bil Harmer - Myths of Cloud Security Debunked!
 
Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?Does cloud technology belong at your law firm?
Does cloud technology belong at your law firm?
 
chapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptxchapitre1-cloud security basics-23 (1).pptx
chapitre1-cloud security basics-23 (1).pptx
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
 
Unit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav AcharyaUnit 9 Technological trends in Information Technology By Sulav Acharya
Unit 9 Technological trends in Information Technology By Sulav Acharya
 
Cloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from realityCloud computing in Australia - Separating hype from reality
Cloud computing in Australia - Separating hype from reality
 
Cloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best PracticesCloud Computing Legal Risks And Best Practices
Cloud Computing Legal Risks And Best Practices
 
ISACA Cloud Computing Risks
ISACA Cloud Computing RisksISACA Cloud Computing Risks
ISACA Cloud Computing Risks
 
Cloud Computing Security
Cloud Computing SecurityCloud Computing Security
Cloud Computing Security
 
Shedding Light on Shadow IT for File Sharing
Shedding Light on Shadow IT for File SharingShedding Light on Shadow IT for File Sharing
Shedding Light on Shadow IT for File Sharing
 
Chapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptxChapter_5_Security_CC.pptx
Chapter_5_Security_CC.pptx
 
Transforming cloud security into an advantage
Transforming cloud security into an advantageTransforming cloud security into an advantage
Transforming cloud security into an advantage
 
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
Navigating through the Cloud - 7 feb 2012 at Institute for Information Manage...
 
110307 cloud security requirements gourley
110307 cloud security requirements gourley110307 cloud security requirements gourley
110307 cloud security requirements gourley
 
Security Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdfSecurity Considerations When Using Cloud Infrastructure Services.pdf
Security Considerations When Using Cloud Infrastructure Services.pdf
 
Extending security in the cloud network box - v4
Extending security in the cloud   network box - v4Extending security in the cloud   network box - v4
Extending security in the cloud network box - v4
 
Privacy in cloud computing
Privacy in cloud computingPrivacy in cloud computing
Privacy in cloud computing
 
MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?MYTHBUSTERS: Can You Secure Payments in the Cloud?
MYTHBUSTERS: Can You Secure Payments in the Cloud?
 

More from MISA Ontario Cloud SIG

MISA Cloud workshop_Cloud_roi_tco_analysis
MISA Cloud workshop_Cloud_roi_tco_analysisMISA Cloud workshop_Cloud_roi_tco_analysis
MISA Cloud workshop_Cloud_roi_tco_analysisMISA Ontario Cloud SIG
 
MISA Cloud workshop _Ontario Public Service-cloud roadmap
MISA Cloud workshop _Ontario Public Service-cloud roadmapMISA Cloud workshop _Ontario Public Service-cloud roadmap
MISA Cloud workshop _Ontario Public Service-cloud roadmapMISA Ontario Cloud SIG
 
MISA Ontario Cloud SIG - Waterloo program_apr1112
MISA Ontario Cloud SIG - Waterloo program_apr1112MISA Ontario Cloud SIG - Waterloo program_apr1112
MISA Ontario Cloud SIG - Waterloo program_apr1112MISA Ontario Cloud SIG
 
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canada
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canadaMISA Cloud Workshop_ Roadmap to a municipal community cloud in canada
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canadaMISA Ontario Cloud SIG
 
MISA Cloud Workshop _Reimagining Services delivery in the cloud
MISA Cloud Workshop _Reimagining Services delivery in the cloudMISA Cloud Workshop _Reimagining Services delivery in the cloud
MISA Cloud Workshop _Reimagining Services delivery in the cloudMISA Ontario Cloud SIG
 

More from MISA Ontario Cloud SIG (6)

MISA Cloud workshop_Cloud_roi_tco_analysis
MISA Cloud workshop_Cloud_roi_tco_analysisMISA Cloud workshop_Cloud_roi_tco_analysis
MISA Cloud workshop_Cloud_roi_tco_analysis
 
MISA Cloud workshop _Ontario Public Service-cloud roadmap
MISA Cloud workshop _Ontario Public Service-cloud roadmapMISA Cloud workshop _Ontario Public Service-cloud roadmap
MISA Cloud workshop _Ontario Public Service-cloud roadmap
 
MISA Ontario Cloud SIG - Waterloo program_apr1112
MISA Ontario Cloud SIG - Waterloo program_apr1112MISA Ontario Cloud SIG - Waterloo program_apr1112
MISA Ontario Cloud SIG - Waterloo program_apr1112
 
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canada
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canadaMISA Cloud Workshop_ Roadmap to a municipal community cloud in canada
MISA Cloud Workshop_ Roadmap to a municipal community cloud in canada
 
MISA Cloud Workshop _Reimagining Services delivery in the cloud
MISA Cloud Workshop _Reimagining Services delivery in the cloudMISA Cloud Workshop _Reimagining Services delivery in the cloud
MISA Cloud Workshop _Reimagining Services delivery in the cloud
 
MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101MISA Cloud workshop - Cloud 101
MISA Cloud workshop - Cloud 101
 

Recently uploaded

Vertical Church Kyiv Report 2022-2023: Church at war
Vertical Church Kyiv Report 2022-2023: Church at warVertical Church Kyiv Report 2022-2023: Church at war
Vertical Church Kyiv Report 2022-2023: Church at war
Olena Tyshchenko-Tyshkovets
 
Effective Techniques for Removing Negative Entities
Effective Techniques for Removing Negative EntitiesEffective Techniques for Removing Negative Entities
Effective Techniques for Removing Negative Entities
Reiki Healing Distance
 
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptxThe Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
Bharat Technology
 
The Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is hereThe Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is here
NoHo FUMC
 
St John's Parish Diary for June 2024.pdf
St John's Parish Diary for June 2024.pdfSt John's Parish Diary for June 2024.pdf
St John's Parish Diary for June 2024.pdf
Chris Lyne
 
Exploring the Mindfulness Understanding Its Benefits.pptx
Exploring the Mindfulness Understanding Its Benefits.pptxExploring the Mindfulness Understanding Its Benefits.pptx
Exploring the Mindfulness Understanding Its Benefits.pptx
MartaLoveguard
 
Deerfoot Church of Christ Bulletin 6 9 24
Deerfoot Church of Christ Bulletin 6 9 24Deerfoot Church of Christ Bulletin 6 9 24
Deerfoot Church of Christ Bulletin 6 9 24
deerfootcoc
 
Tarot for Your Self A Workbook for Personal Transformation Second Edition (M...
Tarot for Your Self  A Workbook for Personal Transformation Second Edition (M...Tarot for Your Self  A Workbook for Personal Transformation Second Edition (M...
Tarot for Your Self A Workbook for Personal Transformation Second Edition (M...
Mark457009
 
2. The Book of Psalms: Recognition of the kingship and sovereignty of God
2. The Book of Psalms: Recognition of the kingship and sovereignty of God2. The Book of Psalms: Recognition of the kingship and sovereignty of God
2. The Book of Psalms: Recognition of the kingship and sovereignty of God
COACH International Ministries
 
Hajj and umrah notes short procedure with important duas and translation
Hajj and umrah notes short procedure with important duas and translationHajj and umrah notes short procedure with important duas and translation
Hajj and umrah notes short procedure with important duas and translation
syedsaudnaqvi1
 
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdfKenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
AlanBianch
 
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptx
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptxWhy is this So? ~ Do Seek to KNOW (English & Chinese).pptx
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptx
OH TEIK BIN
 
Evangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de PaulEvangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de Paul
Famvin: the Worldwide Vincentian Family
 
Twisters
TwistersTwisters
Twisters
Dave Stewart
 
St. John's Parish Magazine - June 2024 ..
St. John's Parish Magazine - June 2024 ..St. John's Parish Magazine - June 2024 ..
St. John's Parish Magazine - June 2024 ..
Chris Lyne
 
English - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdfEnglish - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdf
Filipino Tracts and Literature Society Inc.
 
Jude: Practical Exhortations_Jude 17-23.pptx
Jude: Practical Exhortations_Jude 17-23.pptxJude: Practical Exhortations_Jude 17-23.pptx
Jude: Practical Exhortations_Jude 17-23.pptx
Stephen Palm
 

Recently uploaded (17)

Vertical Church Kyiv Report 2022-2023: Church at war
Vertical Church Kyiv Report 2022-2023: Church at warVertical Church Kyiv Report 2022-2023: Church at war
Vertical Church Kyiv Report 2022-2023: Church at war
 
Effective Techniques for Removing Negative Entities
Effective Techniques for Removing Negative EntitiesEffective Techniques for Removing Negative Entities
Effective Techniques for Removing Negative Entities
 
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptxThe Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
The Chakra System in our body - A Portal to Interdimensional Consciousness.pptx
 
The Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is hereThe Good News, newsletter for June 2024 is here
The Good News, newsletter for June 2024 is here
 
St John's Parish Diary for June 2024.pdf
St John's Parish Diary for June 2024.pdfSt John's Parish Diary for June 2024.pdf
St John's Parish Diary for June 2024.pdf
 
Exploring the Mindfulness Understanding Its Benefits.pptx
Exploring the Mindfulness Understanding Its Benefits.pptxExploring the Mindfulness Understanding Its Benefits.pptx
Exploring the Mindfulness Understanding Its Benefits.pptx
 
Deerfoot Church of Christ Bulletin 6 9 24
Deerfoot Church of Christ Bulletin 6 9 24Deerfoot Church of Christ Bulletin 6 9 24
Deerfoot Church of Christ Bulletin 6 9 24
 
Tarot for Your Self A Workbook for Personal Transformation Second Edition (M...
Tarot for Your Self  A Workbook for Personal Transformation Second Edition (M...Tarot for Your Self  A Workbook for Personal Transformation Second Edition (M...
Tarot for Your Self A Workbook for Personal Transformation Second Edition (M...
 
2. The Book of Psalms: Recognition of the kingship and sovereignty of God
2. The Book of Psalms: Recognition of the kingship and sovereignty of God2. The Book of Psalms: Recognition of the kingship and sovereignty of God
2. The Book of Psalms: Recognition of the kingship and sovereignty of God
 
Hajj and umrah notes short procedure with important duas and translation
Hajj and umrah notes short procedure with important duas and translationHajj and umrah notes short procedure with important duas and translation
Hajj and umrah notes short procedure with important duas and translation
 
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdfKenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
Kenneth Grant - Against the Light-Holmes Pub Grou Llc (1999).pdf
 
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptx
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptxWhy is this So? ~ Do Seek to KNOW (English & Chinese).pptx
Why is this So? ~ Do Seek to KNOW (English & Chinese).pptx
 
Evangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de PaulEvangelization in the footsteps of Saint Vincent de Paul
Evangelization in the footsteps of Saint Vincent de Paul
 
Twisters
TwistersTwisters
Twisters
 
St. John's Parish Magazine - June 2024 ..
St. John's Parish Magazine - June 2024 ..St. John's Parish Magazine - June 2024 ..
St. John's Parish Magazine - June 2024 ..
 
English - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdfEnglish - The Book of Joshua the Son of Nun.pdf
English - The Book of Joshua the Son of Nun.pdf
 
Jude: Practical Exhortations_Jude 17-23.pptx
Jude: Practical Exhortations_Jude 17-23.pptxJude: Practical Exhortations_Jude 17-23.pptx
Jude: Practical Exhortations_Jude 17-23.pptx
 

MISA Cloud Workshop_ ipc privacy in the cloud

  • 1. Privacy by Design in the Clouds: You Can’t Outsource Accountability David Goodis Director of Legal Services and General Counsel Information and Privacy Commissioner of Ontario Cloud Computing - 101 and Beyond Municipal Information Systems Association, Ontario April 11, 2012
  • 2. Cloud Computing and Deployment • Cloud computing – convenient, on-demand network access to a shared pool of computing resources • Examples: – Public Cloud – Private Cloud – Community Cloud – Hybrid Cloud
  • 3. The Power and Promise of Cloud Computing • Flexibility • Better reliability and security • Enhanced collaboration • Efficiency in deployment • Portability • Potential cost savings • Simpler devices
  • 4. The Cloud and Privacy Concerns • Fraud, confidentiality and security concerns are inhibiting confidence, trust, and the growth of cloud computing • Fears of surveillance and excessive collection, use and disclosure of personal information by others are also diminishing confidence and use • Lack of individual user empowerment and control – Uncertainty as to location of data, rights to data • Function creep, power asymmetries, discrimination • Data breach notification • Proper data return and destruction • Governing law
  • 5. You can outsource services … … but you can’t outsource accountability You always remain accountable
  • 6. Privacy by Design Meets the Cloud: Current and Future Privacy Challenges • What is Privacy by Design? Building privacy into technology from the ground up • The goal is to establish trust in: • Data (that travels through the cloud) • Personal devices (that interact with cloud-based services) • Software • Service providers
  • 7. Privacy by Design: The 7 Foundational Principles 1. Proactive not Reactive: Preventative, not Remedial; 2. Privacy as the Default setting; 3. Privacy Embedded into Design; 4. Full Functionality: Positive-Sum, not Zero-Sum; 5. End-to-End Security: Full Lifecycle Protection; 6. Visibility and Transparency: Keep it Open; 7. Respect for User Privacy: Keep it User-Centric. www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf
  • 8. Privacy by Design Meets the Cloud Some things to consider: • Exercise due diligence • Conduct a Privacy Impact Assessment • Use identifying information only when necessary • Identify and minimize privacy and security risks • Use privacy enhancing technological tools • Ensure transparency, notice, education, awareness • Develop a privacy breach management plan • Create and enforce contractual clauses
  • 9. Contractual Provisions to Consider • Service provider should not use PI except as necessary in providing services • Provider should not improperly disclose PI • Provider must employ safeguards to ensure PI is retained, transferred and disposed of securely • Provider must notify the organization immediately of any order or other requirement to compel production of PI • Provider must notify the organization immediately if PI is stolen, lost, accessed by unauthorized persons • Implement oversight and monitoring program, including audits of the provider’s compliance with the terms of the agreement • No one on behalf of provider should have access to PI unless that person agrees to comply with restrictions in the agreement.
  • 10. USA Patriot Act and Cloud Computing • BC, NS legislation restricts government’s ability to outsource beyond Canadian border • There will always be laws that allow law enforcement to gain access to information in their jurisdictions – the important question is what steps can an organization take to help ensure privacy and security, regardless of jurisdiction • Organizations considering outsourcing or cloud computing should ensure accountability through appropriate contractual provisions and a Privacy by Design approach that ensures privacy is built in as an integral part of the proposed technologies and business practices
  • 11. Privacy by Design in Action
  • 12. Privacy in the Clouds • The 21st Century Privacy Challenge; • Creating a User-Centric Identity Management Infrastructure; • Using Technology Building Blocks; • A Call to Action. www.ipc.on.ca/images/Resources%5Cprivacyintheclouds.pdf
  • 13. Cloud Computing Architecture and Privacy • Cloud Delivery Models • Use cloud in privacy protective manner – user control • e.g. encryption, segregation www.ipc.on.ca/images/Resources/pbd-NEC-cloud.pdf
  • 14. Conclusions • Cloud computing has many benefits and risks • You can outsource your services but not your accountability • Conduct proper due diligence on your cloud provider • Ensure you have the appropriate contractual provisions in place • Build PbD into the cloud infrastructure • Embed privacy as a core functionality: the future of privacy may depend on it!
  • 15. How to Contact Us David Goodis Director of Legal Services and General Counsel Information & Privacy Commissioner of Ontario 2 Bloor Street East, Suite 1400 Toronto, Ontario, Canada M4W 1A8 Phone: (416) 326-3948 / 1-800-387-0073 Web: www.ipc.on.ca E-mail: info@ipc.on.ca